Peter Girnus
@gothburz.bsky.social
Sr. Threat Researcher @theZDI 🥷🏻🛡️👨🏼💻Hunts for 0-days and #security threats in the wild 🎯 News 📰 Memes 😏 Books 📚 Games 👾 opinions my own 💭 #infosec
Justi autem in perpetuum vivent et apud Dominum est merces eorum — Wisdom 5:16
June 4, 2025 at 2:30 AM
Justi autem in perpetuum vivent et apud Dominum est merces eorum — Wisdom 5:16
"It is evening in the soul... when the light of this world fades and a man is indrawn and rests" — Meister Eckhart, Sermon 38
April 19, 2025 at 5:31 PM
"It is evening in the soul... when the light of this world fades and a man is indrawn and rests" — Meister Eckhart, Sermon 38
🚨Patch up your Kubernetes installs.
⚠️ Affected @kubernetesio versions:
< v1.11.0
v1.11.0 - 1.11.4
v1.12.0
🦠Vulnerabilities
CVE-2025-1974
CVE-2025-1097
CVE-2025-1098
CVE-2025-24514
CVE-2025-24513
⚠️ Affected @kubernetesio versions:
< v1.11.0
v1.11.0 - 1.11.4
v1.12.0
🦠Vulnerabilities
CVE-2025-1974
CVE-2025-1097
CVE-2025-1098
CVE-2025-24514
CVE-2025-24513
March 25, 2025 at 4:03 PM
🚨Patch up your Kubernetes installs.
⚠️ Affected @kubernetesio versions:
< v1.11.0
v1.11.0 - 1.11.4
v1.12.0
🦠Vulnerabilities
CVE-2025-1974
CVE-2025-1097
CVE-2025-1098
CVE-2025-24514
CVE-2025-24513
⚠️ Affected @kubernetesio versions:
< v1.11.0
v1.11.0 - 1.11.4
v1.12.0
🦠Vulnerabilities
CVE-2025-1974
CVE-2025-1097
CVE-2025-1098
CVE-2025-24514
CVE-2025-24513
🩹SMR-MAR-2025: @SamsungMobile releases patches for flagship model phones 📱 make sure to apply the latest patch in order to secure your @Samsung devices.
https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=03
https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=03
March 6, 2025 at 6:02 PM
🩹SMR-MAR-2025: @SamsungMobile releases patches for flagship model phones 📱 make sure to apply the latest patch in order to secure your @Samsung devices.
https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=03
https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=03
Over 37,000 VMware ESXi servers are vulnerable to a critical flaw (CVE-2025-22224) that is being actively exploited, prompting urgent updates and mitigation efforts from affected organizations. From @BleepinComputer @billtoulas
March 6, 2025 at 5:30 PM
Over 37,000 VMware ESXi servers are vulnerable to a critical flaw (CVE-2025-22224) that is being actively exploited, prompting urgent updates and mitigation efforts from affected organizations. From @BleepinComputer @billtoulas
🚨@BleepinComputer: BadBox malware 🦠 disrupted on 500K Android devices! @billtoulas reports.
March 5, 2025 at 5:45 PM
🚨@BleepinComputer: BadBox malware 🦠 disrupted on 500K Android devices! @billtoulas reports.
So many security advisories going out! 🤯 Including VMWare, HUAWEI, Paragon, and Mozilla. Here is what the vulnerability landscape looks like. Lots of Injection and Memory Corruption issues across all of these advisories.
March 4, 2025 at 6:30 PM
So many security advisories going out! 🤯 Including VMWare, HUAWEI, Paragon, and Mozilla. Here is what the vulnerability landscape looks like. Lots of Injection and Memory Corruption issues across all of these advisories.
Hackers exploit ClickFix to deploy NetSupport RAT via fake CAPTCHAs, tricking users into running malicious PowerShell. @TheHackersNews 🐀🚨💻 https://thehackernews.com/2025/03/hackers-use-clickfix-trick-to-deploy.html
March 3, 2025 at 6:03 PM
Hackers exploit ClickFix to deploy NetSupport RAT via fake CAPTCHAs, tricking users into running malicious PowerShell. @TheHackersNews 🐀🚨💻 https://thehackernews.com/2025/03/hackers-use-clickfix-trick-to-deploy.html
Help! I can't reach this advisory 🤯 My CISO says if I can't this patched I'm out 🚨
February 27, 2025 at 3:03 PM
Help! I can't reach this advisory 🤯 My CISO says if I can't this patched I'm out 🚨
@Unit42_Intel uncovers Squidoor, a stealthy threat by suspected Chinese hackers hitting global orgs. Multi-platform mayhem on Windows & Linux! 👇 https://unit42.paloaltonetworks.com/advanced-backdoor-squidoor/
February 27, 2025 at 1:03 PM
@Unit42_Intel uncovers Squidoor, a stealthy threat by suspected Chinese hackers hitting global orgs. Multi-platform mayhem on Windows & Linux! 👇 https://unit42.paloaltonetworks.com/advanced-backdoor-squidoor/
🚨 Hackers exploited an XSS flaw in @krpano's virtual tour framework, injecting spam ads on 350+ sites, including gov & uni pages. 👇 https://thehackernews.com/2025/02/hackers-exploited-krpano-framework-flaw.html
February 26, 2025 at 8:30 PM
🚨 Hackers exploited an XSS flaw in @krpano's virtual tour framework, injecting spam ads on 350+ sites, including gov & uni pages. 👇 https://thehackernews.com/2025/02/hackers-exploited-krpano-framework-flaw.html
There are two things we can rely on to be in the news: Ukraine and planes crashing.
February 24, 2025 at 11:01 PM
There are two things we can rely on to be in the news: Ukraine and planes crashing.
RIP... I just spotted the guy I hired off LinkedIn for a DevOps role in the news. He just resigned today, says he's crypto-rich, bought a Lambo, and is retiring early, all thanks to Ethereum. Who knew DevOps could be so lucrative?
February 24, 2025 at 10:11 PM
RIP... I just spotted the guy I hired off LinkedIn for a DevOps role in the news. He just resigned today, says he's crypto-rich, bought a Lambo, and is retiring early, all thanks to Ethereum. Who knew DevOps could be so lucrative?
A free game on Steam named PirateFi was caught distributing Vidar infostealing malware.
@BleepinComputer advises anyone who downloaded it to scan their PC for potential threats. @Steam
@BleepinComputer advises anyone who downloaded it to scan their PC for potential threats. @Steam
February 16, 2025 at 7:30 PM
A free game on Steam named PirateFi was caught distributing Vidar infostealing malware.
@BleepinComputer advises anyone who downloaded it to scan their PC for potential threats. @Steam
@BleepinComputer advises anyone who downloaded it to scan their PC for potential threats. @Steam
Storm-2372 has been using device code phishing since August 2024 to target governments, NGOs, and industries. This technique tricks users into providing login tokens, enabling account takeovers.
@securityaffairs @MsftSecIntel @Microsoft
@securityaffairs @MsftSecIntel @Microsoft
February 16, 2025 at 6:35 PM
Storm-2372 has been using device code phishing since August 2024 to target governments, NGOs, and industries. This technique tricks users into providing login tokens, enabling account takeovers.
@securityaffairs @MsftSecIntel @Microsoft
@securityaffairs @MsftSecIntel @Microsoft
Microsoft patched my Microsoft Edge spoofing vulnerability (CVE-2025-21404 - ZDI-CAN-25393) as part of their February 11th Patch Tuesday release. Patch Up! @msftsecresponse #infosec
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21404
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21404
February 11, 2025 at 7:03 PM
Microsoft patched my Microsoft Edge spoofing vulnerability (CVE-2025-21404 - ZDI-CAN-25393) as part of their February 11th Patch Tuesday release. Patch Up! @msftsecresponse #infosec
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21404
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21404
Sony apologizes for the recent PSN outage with a 5-day
@PlayStationPlus extension for all members. Network services are back to normal. #PlayStation #PSNOutage https://techcrunch.com/2025/02/09/sony-says-playstation-plus-members-will-get-five-day-extension-after-outage/
@PlayStationPlus extension for all members. Network services are back to normal. #PlayStation #PSNOutage https://techcrunch.com/2025/02/09/sony-says-playstation-plus-members-will-get-five-day-extension-after-outage/
February 9, 2025 at 5:30 PM
Sony apologizes for the recent PSN outage with a 5-day
@PlayStationPlus extension for all members. Network services are back to normal. #PlayStation #PSNOutage https://techcrunch.com/2025/02/09/sony-says-playstation-plus-members-will-get-five-day-extension-after-outage/
@PlayStationPlus extension for all members. Network services are back to normal. #PlayStation #PSNOutage https://techcrunch.com/2025/02/09/sony-says-playstation-plus-members-will-get-five-day-extension-after-outage/
Sony apologizes for the recent PSN outage with a 5-day
@PlayStationPlus extension for all members. Network services are back to normal. #PlayStation #PSNOutage https://techcrunch.com/2025/02/09/sony-says-playstation-plus-members-will-get-five-day-extension-after-outage/
@PlayStationPlus extension for all members. Network services are back to normal. #PlayStation #PSNOutage https://techcrunch.com/2025/02/09/sony-says-playstation-plus-members-will-get-five-day-extension-after-outage/
February 9, 2025 at 5:15 PM
Sony apologizes for the recent PSN outage with a 5-day
@PlayStationPlus extension for all members. Network services are back to normal. #PlayStation #PSNOutage https://techcrunch.com/2025/02/09/sony-says-playstation-plus-members-will-get-five-day-extension-after-outage/
@PlayStationPlus extension for all members. Network services are back to normal. #PlayStation #PSNOutage https://techcrunch.com/2025/02/09/sony-says-playstation-plus-members-will-get-five-day-extension-after-outage/
I'm now notorious in the online gambling community 🎲 will set up a meme coin shortly. 💰🚀
February 9, 2025 at 2:30 AM
I'm now notorious in the online gambling community 🎲 will set up a meme coin shortly. 💰🚀
Is this a meme coin?
February 9, 2025 at 2:01 AM
Is this a meme coin?
Vulnerability Classes
February 8, 2025 at 5:30 PM
Vulnerability Classes
Vulnerabilities Published By Hour
February 8, 2025 at 5:30 PM
Vulnerabilities Published By Hour